How effective is the 'Non-robot' test on websites?

'I'm not a robot' is a reCAPTCHA version, which uses a lot of clues to determine whether the user trying to access the website is a real human being or a bot.

The Internet has made our life so much easier. With just one click in the cozy room, you have everything you want. Need to buy necessities in the house? Go to an ecommerce site and put the goods in the basket. Want to send money without having to go to the bank? Use internet banking services provided by your bank. Looking for information on any weird hobbies you care about? Just look for a range of blogs that specialize in topics that are right for you.

However, every disruptive technology has its advantages and limitations. In the case of the internet, one of the main concerns in digital infrastructure management is unforeseen traffic to websites by bots.

With the ability to perform financial scams, to purify goods from an e-commerce website, bots can cause chaos on a large scale. Developing advanced ways to determine who is actually visiting a website is essential; a flesh-and-blood human, or a cold bot made of code?

The most common method today - you probably already know - is reCAPTCHA, or test step to distinguish you from a bot with a single click.

Picture 1 of How effective is the 'Non-robot' test on websites?

But how can you pass this test by simply clicking on a box? How effective is this method?

Why do websites need to check if you're a bot or not?

As mentioned above, the internet is no longer an ideal place as we often imagine. It is the operating area of ​​countless bad guys who want to take advantage of the loopholes in digital infrastructure to serve their personal intentions.

Bots can be trained to pose a variety of dangers. Bots can create multiple accounts on social networking platforms and email service providers (such as Gmail), causing the number of users of these services to increase and use those email accounts to undermining other places on the internet. They can fill out forms with unwanted content and spread spam. The same thing happens with the comments section on websites and other platforms. Bots make it hard to gauge the interaction between real people on a platform or website.

In addition, there are so-called "scraper", who use bots to collect users' email addresses and use them for a variety of purposes. Hackers can use the "dictionary" attack method, which in turn scans each word in a list they set up to crack the password, so your password is completely insecure as you think. That's why you see a "I'm not a robot" check step when logging into many websites. Bots can also be used to write 5-star positive reviews on products and services, in order to create a "glossy" silhouette when in fact it is not.

To prevent these problems, a test to distinguish between real users and bots is essential. That's when people use CAPTCHA.

Picture 2 of How effective is the 'Non-robot' test on websites?

The birth of the CAPTCHA

CAPTCHA, short for "Completely Automated Public Turing test to tell Computers and Humans Apart" (a fully automated public Turing test to distinguish computers and people), was developed by scientists and professors at Carnegie Mellon University (CMU) and IBM in 2000. It is a way to remove unwanted bots from websites using distorted images, puzzles, audio clips, etc. This method is used to track PayPal credit card fraud cases.

The premise of this method is that programs often have difficulty in decoding distorted images, while humans can easily decode them. At one point, this CAPTCHA method was used by 200 million users a day, which is equivalent to spending approximately 500,000 hours of deciphering the disturbed text! The experts at CMU decided to turn all of these efforts into something more useful, and they used this bot detection method to digitize classic books.

This new method is called reCAPTCHA, and it uses scanned PDF files and books on computers, or other sources, to act as literacy tests, requiring users to solve the problem. code them, thereby solving two problems: removing bots and digitizing classic books.

This new CAPTCHA technology was later acquired by Google in 2009 and continues to be developed by the company.

On April 14, 2014, Google released a scientific draft revealing that it had developed image recognition systems using Deep Convolutional Neural Networks, with the ability to decode letters and numbers from the Street View image store. mine. This means that these programs are able to solve the most difficult CAPTCHA tests with 99.8% accuracy - making the current system unreliable.

However, the bot problem still exists, and we need a way to get rid of them. Introduce to you: No CAPTCHA reCAPTCHA.

Picture 3 of How effective is the 'Non-robot' test on websites?

No CAPTCHA reCAPTCHA

On December 14, 2014, Google announced that it had developed a new version of reCAPTCHA - the current popular version, which is the square with the words "I'm not a robot" (I'm not a robot) next.

This version no longer requires the user to decode the deformed text anymore, but will instead rely on a single click to determine whether you are a human or a bot. This method uses the backend Advanced Risk Analysis for reCAPTCHA, developed and published by Google on a blog post in 2013.

This backend process will analyze user interaction before, during and after writing a CAPTCHA to validate them, based on the clues to understand whether a user is a bot or a human. The "I'm not a robot" test uses similar methods, and it evaluates users moving the mouse pointer and how they fill in the text box. Google does not disclose all the clues, because if revealed, the goal to eliminate the bot will not be achieved.

However, the CAPTCHA has not been completely replaced, and is still included with the click box if Google feels shady behavior, making it an additional clue to user verification. The distorted text has been replaced with images - for example, a cat - that users must identify among other images.

Is the "I'm not a robot" test effective?

Google says that when a new version of reCAPTCHA is released, companies like Snapchat, WordPress, and Humble Bundle will be ready to implement this method. They claim that during the first week of using No CAPTCHA reCAPTCHA, users were able to access the main website much faster than previous methods.

In terms of security, adding multiple layers of clues will make accessing a website more difficult, and the "I'm not a robot" method is obviously a lot more supportive than decoding text. version in previous CAPTCHA methods. Google does not reveal clues to force bot writers to guess, thereby ensuring reCAPTCHA is always in the "truss" on.

This method is also suitable for the visually impaired, because it reduces the time needed to decode the text, and replace it with just one click, and sometimes find an object in multiple images. "No CAPTCHA reCAPTCHA" will be further developed in the future, with more clues being added to the algorithm to check user validity.

It can be said that the bot problem will not disappear soon, but as of now, it seems that humans are leading the digital race with the computers themselves.

Reference: ScienceABC

Update 23 March 2020
Category

System

Mac OS X

Hardware

Game

Tech info

Technology

Science

Life

Application

Electric

Program

Mobile